CVE-2015-1137

Vulnerability

A NULL pointer dereference vulnerability exists in the NVIDIA graphics driver on Apple OS X Yosemite v10.10 through v10.10.2. The issue is triggered via an unspecified IOService userclient type, which can be exploited by a local user to cause a kernel-level crash or potentially escalate privileges.

Exploitation

An attacker with local access to the system can exploit this vulnerability by sending a crafted IOService userclient type to the NVIDIA graphics driver. No additional authentication or user interaction is required beyond standard local user privileges. The exact sequence of steps is not publicly detailed, but the attack vector involves interacting with the driver through the I/O Kit framework.

Impact

Successful exploitation can lead to either a denial of service (system crash due to NULL pointer dereference) or privilege escalation, allowing the attacker to gain elevated privileges (likely root) on the affected system. The impact is limited to local users, but it can result in full system compromise.

Mitigation

Apple addressed this vulnerability in OS X Yosemite v10.10.3, released on April 8, 2015 [1]. Users should update to OS X v10.10.3 or later. No workarounds are available for unpatched systems. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.